<?php

// ##############################################################################||
// #                                                                 
// #   MySmartBB Version 1.7.0	                                      
// #   http://www.MySmartBB.com                                      
// #   Copyright (c) 2008 by MySmartBB team                           
// #   license http://opensource.org/licenses/gpl-license.php GNU Public License
// #                                                             
// #   filename : login.php                                           
// #   checks the submitted login information
// #                                                                  
// ##############################################################################||

// ** General definitions **

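     // ---- Bootstrap --------------------------------------------------------
     // Session, shared includes, database handle and request parameters.
     // $db_server/$db_username/$db_password/$db_name/$db_prefix are expected
     // to come from includes/config.php.
     session_start();

     include('includes/config.php');
     include('includes/function.php');
     include('includes/SmartSQL.php');
     include('includes/Security.php');
     include('includes/param.class.php');

     // PHP < 4.1.0 had no $_GET/$_POST superglobals; alias the old long-name
     // arrays. version_compare() replaces the original string comparison
     // ($php_v < '4.1.0'), which orders "10.0.0" before "4.1.0".
     $php_v = phpversion();
     if (version_compare($php_v, '4.1.0', '<')) {
         $_GET     = $HTTP_GET_VARS;
         $_POST    = $HTTP_POST_VARS;
         $_COOKIE  = $HTTP_COOKIE_VARS;
         $_SESSION = $HTTP_SESSION_VARS;
         $_SERVER  = $HTTP_SERVER_VARS;
     }

     $DB = new SmartSQL;
     $DB->setinfo($db_server, $db_username, $db_password, $db_name);
     $DB->sql_connect();
     $DB->sql_selectdb();

     $Param = new SmartParam;
     $Param->param();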

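     // ---- Board settings, template engine, visitor identity ----------------
     // Row 1 of the info table holds the board-wide settings (title, meta
     // tags, default style id, contact-us switch, ...).
     $info_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "info WHERE id='1'");
     $info_row   = $DB->sql_fetch_array($info_query);

     define('SMARTY_DIR', 'includes/Smarty/');
     include(SMARTY_DIR . 'Smarty.class.php');
     $Smarty = new Smarty();

     // Start from the board default style; a logged-in member's own choice
     // overrides it further down.
     $getdefstyle_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "style WHERE id='" . intval($info_row['def_style']) . "'");
     $getdefstyle_row   = $DB->sql_fetch_array($getdefstyle_query);

     // Cookie login. The cookie carries the md5 of the password and is matched
     // directly against the stored hash, so it acts as a long-lived credential;
     // every other page shares that contract, so it is left as is here. Both
     // cookie values are escaped before they reach the query (the original
     // escaped them with addslashes as well).
     $member_permission = 0;
     $member_row        = array();
     if (!empty($_COOKIE['MySBB_username'])) {
         $cookie_user  = addslashes($_COOKIE['MySBB_username']);
         $cookie_pass  = isset($_COOKIE['MySBB_password']) ? addslashes($_COOKIE['MySBB_password']) : '';
         $member_check = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE username='" . $cookie_user . "' AND password='" . $cookie_pass . "'");
         $member_c_num = $DB->sql_num_rows($member_check);
         $member_row   = $DB->sql_fetch_array($member_check);

         if ($member_c_num != 0) {
             $member_permission = 1;
             // $Hgmttime / $Sgmttime are not defined in this file — presumably
             // the configured GMT offset and its display suffix; confirm in the
             // includes.
             $user_time = $Hgmttime + $member_row['user_time'];
             $user_time = $user_time . $Sgmttime;

             $Smarty->assign('MySBB_username', htmlspecialchars($member_row['username']));
             $Smarty->assign('MySBB_lastvisit', $member_row['lastvisit']);
             $Smarty->assign('user_time', $user_time);

             // The member's chosen style replaces the board default.
             $getdefstyle_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "style WHERE id='" . intval($member_row['style']) . "'");
             $getdefstyle_row   = $DB->sql_fetch_array($getdefstyle_query);
         }
     }
     $Smarty->assign('member_permission', $member_permission);

     // Permission group of the visitor. Guests have no member row, so the
     // lookup uses id 0 and yields no group. The original issued this query
     // before $member_row was populated, so it always looked up an empty id.
     $usergroup      = ($member_permission == 1 && isset($member_row['usergroup'])) ? intval($member_row['usergroup']) : 0;
     $groupper_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "group WHERE id='" . $usergroup . "'");
     $groupper_row   = $DB->sql_fetch_array($groupper_query);

     // Active style: template/compile dirs and the values the templates show.
     // $style_id has to be known before the style list below is built; the
     // original read it before assigning it, so the list never excluded the
     // current style.
     $Smarty->template_dir = $getdefstyle_row['template_path'];
     $Smarty->compile_dir  = $getdefstyle_row['cache_path'];
     $Smarty->assign('image_path', $getdefstyle_row['image_path']);
     $style_name = $getdefstyle_row['style_title'];
     $style_id   = $getdefstyle_row['id'];
     $Smarty->assign('style_name', $style_name);
     $Smarty->assign('style_id', $style_id);

     // Other styles the visitor may switch to; only groups allowed to see
     // disabled styles get the switched-off ones. Any value other than 1 is
     // treated as "not allowed" (the original had no branch for it and left
     // $getstylelist_query undefined).
     $allow_off_styles = isset($groupper_row['allow_see_offstyles']) ? $groupper_row['allow_see_offstyles'] : 0;
     if ($allow_off_styles == 1) {
         $getstylelist_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "style WHERE id<>'" . intval($style_id) . "' ORDER BY style_order DESC");
     } else {
         $getstylelist_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "style WHERE id<>'" . intval($style_id) . "' AND style_on<>'0' ORDER BY style_order DESC");
     }
     $getstylelist_rows = array();
     while ($getstylelist_row = $DB->sql_fetch_array($getstylelist_query)) {
         $getstylelist_rows[] = $getstylelist_row;
     }
     $Smarty->assign('getstylelist_rows', $getstylelist_rows);

     // Topics posted today. Nothing in this file assigns $date before this
     // point, so unless an include provides it the original query ran with
     // write_date=''. Fall back to the j/n/Y form used later in this file —
     // confirm it matches what the posting page stores.
     if (empty($date)) {
         $date = date('j/n/Y');
     }
     $todaysubject = $DB->sql_num_rows($DB->sql_query("SELECT * FROM " . $db_prefix . "subject WHERE write_date='" . $date . "' AND delete_topic<>'1' AND sec_subject<>'1'"));
     $Smarty->assign('todaysubject', $todaysubject);

     $contactusactive = ($info_row['contactus_active'] == 1) ? 1 : 0;
     $Smarty->assign('contactusactive', $contactusactive);
     $Smarty->assign('info_row', $info_row);
     $Smarty->assign('board_title', $info_row['title']);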
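     $SF = new SmartFunction;

     /**
      * Common head of the error pages emitted below: headers, stylesheet,
      * page title, then the board's error box.
      *
      * $SF is taken by reference so the caller's instance is used even under
      * PHP 4's copy-on-assign object semantics. Whether SmartFunction::error()
      * ends the request is not visible from this file, so callers are written
      * so that nothing else runs after it either way.
      */
     function mysbb_login_error_page(&$SF, $info_row, $getdefstyle_row, $message)
     {
         $SF->do_headers();
         print "\n";
         print '<link rel="stylesheet" href="' . $getdefstyle_row['style_path'] . '"  type="text/css">';
         $SF->html_title_page($info_row['title'] . ' - (Powered By MySmartBB Universal)');
         $SF->error($message);
     }

     /**
      * Page to return to after login/logout.
      *
      * The referring URL is used only when it points at this host and is not
      * one of the pages in $skip (which would bounce the visitor straight back
      * to the form); otherwise 'index.php'. The original compared hosts only
      * in a branch that could never be reached, so any referer — including one
      * on a foreign site — was accepted as the redirect target.
      *
      * @param array $skip  page file names (basename of the path) to avoid
      * @return string
      */
     function mysbb_return_url($skip)
     {
         $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
         if ($referer == '') {
             return 'index.php';
         }

         // Same host test as the original explode('/') comparison: element 2 of
         // "scheme://host[:port]/..." against HTTP_HOST, port kept on both sides.
         $referer_parts = explode('/', $referer);
         $referer_host  = isset($referer_parts[2]) ? $referer_parts[2] : '';
         $own_host      = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
         if ($referer_host == '' || strcasecmp($referer_host, $own_host) != 0) {
             return 'index.php';
         }

         // basename() instead of the original path segment [2], which only
         // named the script when the board lives exactly one directory deep.
         $parts = parse_url($referer);
         $page  = (is_array($parts) && isset($parts['path'])) ? basename($parts['path']) : '';
         if (in_array($page, $skip, true)) {
             return 'index.php';
         }

         return $referer;
     }

     /**
      * HTML head shared by the login and logout result pages (the original had
      * it inline twice as raw HTML between ?> and <?php).
      */
     function mysbb_page_head($info_row, $getdefstyle_row)
     {
         print "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\">\n";
         print "<html dir=\"rtl\">\n";
         print "<head>\n";
         print "<link rel=\"alternate\" type=\"text/xml\" title=\"RSS .92\" href=\"rss.php\">\n";
         // Board meta tags are printed as stored (admin-provided HTML);
         // stripslashes() presumably undoes escaping added on save — confirm.
         print stripslashes($info_row['meta']);
         print "\n";
         print '<link rel="stylesheet" href="' . $getdefstyle_row['style_path'] . '"  type="text/css">';
     }

     // ---- Request dispatch -------------------------------------------------
     if (!empty($_GET['login']) && $_GET['login'] == 1) {
         $login_user = isset($_POST['T1']) ? $_POST['T1'] : '';
         $login_pass = isset($_POST['T2']) ? $_POST['T2'] : '';

         // Passwords are stored as unsalted md5; every page compares against
         // the same column, so the scheme is kept (a known weakness).
         $password = md5($login_pass);
         // The user name is escaped before it reaches the query (the original
         // interpolated $_POST['T1'] unescaped); the md5 digest is hex and
         // needs no escaping.
         $check = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE username='" . $SF->SafeSQL($login_user) . "' AND password='" . $password . "'");
         $num   = $DB->sql_num_rows($check);

         if ($num != 0) {
             if (isset($_POST['C1']) && $_POST['C1'] == 'ON') {
                 // "Remember me": cookies live for 31098000 s (about a year).
                 setcookie('MySBB_username', $login_user, time() + 31098000);
                 setcookie('MySBB_password', $password, time() + 31098000);
             } else {
                 // session_register() (removed in PHP 5.4) took the variable
                 // *name*; the original passed it as an unquoted constant.
                 // Nothing in this file assigns the variable it registered, so
                 // the call is kept only where the function still exists.
                 if (function_exists('session_register')) {
                     session_register('MySBB_Admin_username');
                 }
                 setcookie('MySBB_username', $login_user);
                 setcookie('MySBB_password', $password);
             }

             mysbb_page_head($info_row, $getdefstyle_row);

             // The visitor is no longer a guest: drop the guest presence record.
             $DB->sql_query("DELETE FROM " . $db_prefix . "online WHERE user_ip='" . $SF->SafeSQL($_SERVER['REMOTE_ADDR']) . "'");

             // Escaped for the template, as the register_login branch already did.
             $Smarty->assign('username', htmlspecialchars($login_user));

             $go = mysbb_return_url(array('login.php'));
             $SF->go_to($go, 2);
             $Smarty->assign('GO', htmlspecialchars($go));
             $Smarty->display('login.tpl');
         } else {
             // Wrong credentials. The page is rendered with the board default
             // style rather than the one tied to any cookie the visitor carries.
             $SF->do_headers();
             print "\n";
             print '<link rel="stylesheet" href="' . $getdefstyle_row['style_path'] . '"  type="text/css">';

             $getdefstyle_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "style WHERE id='" . intval($info_row['def_style']) . "'");
             $getdefstyle_row   = $DB->sql_fetch_array($getdefstyle_query);

             $Smarty->assign('image_path', $getdefstyle_row['image_path']);
             // Kept as globals: the includes may read them — not visible here.
             $image_path    = $getdefstyle_row['image_path'];
             $template_path = $getdefstyle_row['template_path'];
             $style_name    = $getdefstyle_row['style_title'];
             $style_id      = $getdefstyle_row['id'];
             $Smarty->assign('style_name', $style_name);
             $Smarty->assign('style_id', $style_id);

             $getstylelist_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "style WHERE id<>'" . intval($style_id) . "' ORDER BY id DESC");
             $getstylelist_rows  = array();
             while ($getstylelist_row = $DB->sql_fetch_array($getstylelist_query)) {
                 $getstylelist_rows[] = $getstylelist_row;
             }
             $Smarty->assign('getstylelist_rows', $getstylelist_rows);

             $date         = date('j/n/Y');
             $todaysubject = $DB->sql_num_rows($DB->sql_query("SELECT * FROM " . $db_prefix . "subject WHERE write_date='" . $date . "' AND delete_topic<>'1' AND sec_subject<>'1'"));
             $Smarty->assign('todaysubject', $todaysubject);

             $SF->html_title_page($info_row['title'] . ' - (Powered By MySmartBB Universal)');
             $SF->error("كلمة السر او اسم المستخدم خطأ");
         }
     } elseif (!empty($_GET['logout']) && $_GET['logout'] == 1) {
         // $member_row comes from the cookie check earlier in the file and is
         // empty for guests; the name is escaped before it reaches the query.
         $online_user = isset($member_row['username']) ? $member_row['username'] : '';
         $DB->sql_query("DELETE FROM " . $db_prefix . "online WHERE username='" . $SF->SafeSQL($online_user) . "'");

         setcookie('MySBB_username', '');
         setcookie('MySBB_password', '');

         mysbb_page_head($info_row, $getdefstyle_row);

         $go = mysbb_return_url(array('login.php', 'usercp.php'));
         $SF->go_to($go, 2);
         $Smarty->assign('GO', htmlspecialchars($go));
         $Smarty->display('logout.tpl');
     } elseif (!empty($_GET['register_login']) && $_GET['register_login'] == 1) {
         // Automatic login right after registration. The registration page
         // passes the password base64-encoded in the query string (so it lands
         // in access logs and Referer headers); that handshake is owned by the
         // other page and is not changed here.
         $raw_username = isset($_GET['username']) ? $_GET['username'] : '';
         $username     = $SF->SafeSQL($raw_username);
         $password     = base64_decode(isset($_GET['password']) ? $_GET['password'] : '');
         $password     = md5($password);
         $password     = $SF->SafeSQL($password);

         $check = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE username='" . $username . "' AND password='" . $password . "'");
         $num   = $DB->sql_num_rows($check);
         $rows  = $DB->sql_fetch_array($check);

         // Only honoured on the day the account was created. The original
         // nested the two tests the other way round, which left its "wrong
         // password" branch unreachable (no row means no register_date).
         if ($num != 0 && $rows['register_date'] == date('Y-m-d')) {
             setcookie('MySBB_username', urldecode($raw_username), time() + 31098000);
             setcookie('MySBB_password', $password, time() + 31098000);

             $DB->sql_query("DELETE FROM " . $db_prefix . "online WHERE user_ip='" . $SF->SafeSQL($_SERVER['REMOTE_ADDR']) . "'");

             $getdefstyle_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "style WHERE id='" . intval($info_row['def_style']) . "'");
             $getdefstyle_row   = $DB->sql_fetch_array($getdefstyle_query);

             print "\n";
             print '<link rel="stylesheet" href="' . $getdefstyle_row['style_path'] . '"  type="text/css">';

             $Smarty->assign('username', htmlspecialchars($raw_username));
             $SF->go_to('index.php', 2);
             $Smarty->display('login.tpl');
         } else {
             $SF->go_to('index.php', 0);
         }
     } elseif (!empty($_GET['change_style']) && $_GET['change_style'] == 1) {
         $id = empty($_GET['id']) ? 0 : intval($_GET['id']);

         $checkstyle_num = 0;
         if ($id != 0) {
             $checkstyle_query = $DB->sql_query("SELECT * FROM " . $db_prefix . "style WHERE id='" . $id . "'");
             $checkstyle_num   = $DB->sql_num_rows($checkstyle_query);
         }

         // Validation failures are terminal branches here; the original fell
         // through to the UPDATE/setcookie below with style 0 whenever
         // error() returned instead of ending the request.
         if (empty($_GET['id'])) {
             mysbb_login_error_page($SF, $info_row, $getdefstyle_row, 'المسار المتبع غير صحيح');
         } elseif ($checkstyle_num <= 0) {
             mysbb_login_error_page($SF, $info_row, $getdefstyle_row, 'المعذرة، الاستايل المطلوب غير موجود');
         } else {
             // Cookie values are escaped before the lookup (the original was not).
             $cookie_user  = isset($_COOKIE['MySBB_username']) ? $_COOKIE['MySBB_username'] : '';
             $cookie_pass  = isset($_COOKIE['MySBB_password']) ? $_COOKIE['MySBB_password'] : '';
             $member_check = $DB->sql_query("SELECT * FROM " . $db_prefix . "member WHERE username='" . $SF->SafeSQL($cookie_user) . "' AND password='" . $SF->SafeSQL($cookie_pass) . "'");
             $member_c_num = $DB->sql_num_rows($member_check);
             $member_row   = $DB->sql_fetch_array($member_check);

             if ($member_c_num == 1) {
                 // Members keep the choice in their profile ...
                 $update = $DB->sql_query("UPDATE " . $db_prefix . "member SET style='" . $id . "' WHERE id='" . intval($member_row['id']) . "'");
             } else {
                 // ... guests in a cookie (cleared first, as the original did).
                 $update = setcookie('MySmartBB_style', '');
                 $update = setcookie('MySmartBB_style', $id);
             }

             // Both paths showed the same confirmation page; it is emitted once.
             if ($update) {
                 $SF->do_headers();
                 print "\n";
                 print '<link rel="stylesheet" href="' . $getdefstyle_row['style_path'] . '"  type="text/css">';
                 $SF->html_title_page($info_row['title'] . ' - (Powered By MySmartBB Universal)');
                 $Smarty->assign('msgg', 'حُدِّثَت المعلومات بنجاح');
                 $Smarty->assign('GO', 'index.php');
                 $SF->go_to('index.php', 2);
                 $Smarty->display('loading.tpl');
                 $Smarty->display('footer.tpl');
             }
         }
     }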

?>